2 matches found
CVE-2026-15738
The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...
CVE-2026-53935 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...